VDB
CVE-2009-2139
CVE-2009-2139
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.
EPSS 23.77% · 96.1th percentile
Risk Scores
CVSS v2.0
9.300000190734863
EPSS Score
23.77%
96.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sun | openoffice.org | 2.0.4, 2.2.0, 2.2.1 |
| n/a | n/a | n/a |
Timeline
- Sep 8, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- MDVSA-2010:105 vendor-advisory
- MDVSA-2010:091 vendor-advisory
- http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55 url
- MDVSA-2010:035 vendor-advisory
- SUSE-SR:2009:015 vendor-advisory
- DSA-1880 vendor-advisory
- [oss-security] 20090922 Re: [oss-security] OpenOffice.org CVE-2009-2139 mailing-list
- [oss-security] 20090910 Re: OpenOffice.org CVE-2009-2139 mailing-list
- [oss-security] 20091026 Re: CVE-2009-3239 is a duplicate of CVE-2009-2139 and CVE-2009-2140 mailing-list
- [oss-security] 20090911 Re: OpenOffice.org CVE-2009-2139 mailing-list
- 36291 vdb
- 36613 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-2139 advisory